//package com.young.shop.api.configurations;
//
//import com.young.shop.api.service.UserService;
//import com.young.shop.pojo.entity.User;
//import org.apache.shiro.SecurityUtils;
//import org.apache.shiro.authc.*;
//import org.apache.shiro.authz.AuthorizationInfo;
//import org.apache.shiro.authz.SimpleAuthorizationInfo;
//import org.apache.shiro.realm.AuthorizingRealm;
//import org.apache.shiro.session.Session;
//import org.apache.shiro.subject.PrincipalCollection;
//import org.apache.shiro.subject.Subject;
//import org.springframework.beans.factory.annotation.Autowired;
//
///**
// * @author 曾家乐
// * @version 1.0
// * @date 2021-01-26 19:48
// * <p>
// * 自定义的UserRealm 只需要extends AuthorizingRealm
// */
//public class UserRealm extends AuthorizingRealm {
//    @Autowired
//    private UserService userService;
//    /**
//     * 认证
//     *
//     * @param token the authentication token containing the user's principal and credentials.
//     * @return
//     * @throws AuthenticationException 只要是登录就会进入这个方法
//     */
//    @Override
//    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//        System.out.println("执行了->认证doGetAuthenticationInfo");
//
//        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
//        User user = userService.userLogin(userToken.getUsername());
//        if (user==null){
//            //抛出异常
//            return null;
//        }
//
//        //认证成功之后，存入session中
//        Subject subject = SecurityUtils.getSubject();
//        Session session = subject.getSession();
//        session.setAttribute("loginUser","user对象");
//
//
//        //todo 可以加密， MD5 (盐值加密)
//
//        //密码认证，shiro做
//        //参数第一个填user  这里传入就可以全局使用（下面的授权 也可以拿到user对象）
//        return new SimpleAuthenticationInfo(user,user.getPassword(),"");
//    }
//
//    //授权
//    @Override
//    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//        System.out.println("执行了->授权doGetAuthorizationInfo");
//
//        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//
//        Subject subject = SecurityUtils.getSubject();
//        //上面的认证，最后返回的对象中有user对象，这里也能拿到user对象
//        //可以直接强转成User对象     拿到User对象
//        Object currentUser = subject.getPrincipal();
//
//        //设置当前用户的权限
//        simpleAuthorizationInfo.addStringPermission("从数据查询到的权限");
//
//        return simpleAuthorizationInfo;
//    }
//}
